Nmap Development mailing list archives
Re: Minecraft "Insecure Mode" Detection Script
From: Toni Ruottu <toni.ruottu () iki fi>
Date: Mon, 10 Jan 2011 09:08:47 +0200
Sounds correct. On Mon, Jan 10, 2011 at 3:18 AM, David Fifield <david () bamsoftware com> wrote:
On Mon, Dec 20, 2010 at 03:35:14PM +0200, Toni Ruottu wrote:Merry Christmas time! This time I wrote a script for auditing security of Minecraft. The Minecraft multiplayer server has an "insecure mode". When running in this mode the server does not verify usernames against minecraft.net. Running the server in insecure mode makes it possible to play the game offline despite the authentication server being unreachable. As a side-effect the game allows any player to enter the game with any username, even ones registered to other users. See http://notch.tumblr.com/post/942787216/minecraft-alpha-1-0-16-minecraft-server-0-1-1-and-a for details. Minecraft multiplayer server admins can run the attached minecraft-auth NSE script against their online servers to make sure they are not running in the "insecure mode".Thanks Toni. I've added the script. After I read that link, I decided to take the script out of the "vuln" category and put it in "auth". Does that sound right? I guess this could be a vulnerability in the situation you described, but is it more likely that this is just a configuration decision made by the admin? David Fifield
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: Minecraft "Insecure Mode" Detection Script David Fifield (Jan 09)
- Re: Minecraft "Insecure Mode" Detection Script Toni Ruottu (Jan 09)
- <Possible follow-ups>
- Re: Minecraft "Insecure Mode" Detection Script Fyodor (Jan 10)
- Re: Minecraft "Insecure Mode" Detection Script Toni Ruottu (Jan 11)
- Re: Minecraft "Insecure Mode" Detection Script Fyodor (Jan 11)
- Re: Minecraft "Insecure Mode" Detection Script Ron (Jan 13)
- Re: Minecraft "Insecure Mode" Detection Script Fyodor (Jan 13)
- Re: Minecraft "Insecure Mode" Detection Script Toni Ruottu (Jan 13)
- Re: Minecraft "Insecure Mode" Detection Script Ron (Jan 13)
- Re: Minecraft "Insecure Mode" Detection Script Toni Ruottu (Jan 11)